Lucene search
K

58 matches found

Cvelist
Cvelist
added 2022/04/12 4:11 p.m.17 views

CVE-2022-28770

Due to insufficient input validation, SAPUI5 libraryvbm - versions 750, 753, 754, 755, 75, allows an unauthenticated attacker to inject a script into the URL and execute code. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and...

6.5AI score0.00788EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/04/12 12:0 a.m.2 views

SAPUI5 library 跨站脚本漏洞

SAP SAPUI5 library is a JavaScript application framework from SAP, a German company. SAP SAPUI5 library is vulnerable to cross-site scripting, which can be exploited by unauthenticated attackers to execute JavaScript code on the client side...

6.1CVSS7.3AI score0.00788EPSS
Exploits0References4
NVD
NVD
added 2021/09/15 7:15 p.m.24 views

CVE-2021-33697

Under certain conditions, SAP BusinessObjects Business Intelligence Platform SAPUI5, versions - 420, 430, can allow an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities...

6.1CVSS0.00562EPSS
Exploits0References2
Prion
Prion
added 2021/09/15 7:15 p.m.22 views

Design/Logic Flaw

Under certain conditions, SAP BusinessObjects Business Intelligence Platform SAPUI5, versions - 420, 430, can allow an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities...

5.8CVSS6.3AI score0.00562EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/09/15 6:1 p.m.55 views

CVE-2021-33697

CVE-2021-33697 affects SAP BusinessObjects BI Platform SAPUI5 (versions 420 and 430). The issue is a reverse tabnabbing vulnerability allowing an unauthenticated attacker to redirect users to a malicious site. Public exploitation details aren’t provided in the supplied documents. No remediation s...

6.1CVSS6.3AI score0.00562EPSS
Exploits0References2Affected Software1
Node.js
Node.js
added 2021/02/23 1:32 a.m.82 views

Arbitrary JavaScript Execution

Overview In affected versions of less-openui5 processing untrusted theming resources might execute arbitrary code. Impact When processing theming resources i.e. .less files with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be...

6.8CVSS0.7AI score0.00988EPSS
Exploits0Affected Software1
OSV
OSV
added 2021/02/16 6:15 p.m.17 views

CVE-2021-21316

less-openui5 is an npm package which enables building OpenUI5 themes with Less.js. In less-openui5 before version 0.10., when processing theming resources i.e. .less files with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be execut...

7.8CVSS6.7AI score
Exploits0References5
Prion
Prion
added 2021/02/16 6:15 p.m.14 views

Privilege escalation

less-openui5 is an npm package which enables building OpenUI5 themes with Less.js. In less-openui5 before version 0.10., when processing theming resources i.e. .less files with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be execut...

6.8CVSS7.5AI score0.00988EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/01/29 8:51 p.m.51 views

Processing untrusted theming resources might execute arbitrary code (ACE)

Impact When processing theming resources i.e. .less files with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be executed in the context of the build process. While this is a feature of the Less.js library, it is an unexpected behavi...

7.8CVSS0.2AI score0.00988EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2021/01/29 8:51 p.m.20 views

GHSA-3CRJ-W4F5-GWH4 Processing untrusted theming resources might execute arbitrary code (ACE)

Impact When processing theming resources i.e. .less files with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be executed in the context of the build process. While this is a feature of the Less.js library, it is an unexpected behavi...

6.3CVSS7.5AI score0.00988EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2020/02/17 12:0 a.m.4 views

The vulnerabilities of the OpenUI5 and SAPUI5 software platforms stem from deficiencies in the encryption of user-input data, allowing attackers to carry out cross-site scripting attacks.

The vulnerabilities of the OpenUI5 and SAPUI5 software platforms exist due to deficiencies in the encryption of user-input data. Exploiting these vulnerabilities allows a malicious actor to perform cross-site scripting attacks remotely...

6.4CVSS6AI score0.01325EPSS
Exploits0References3Affected Software1
Symantec
Symantec
added 2019/11/12 12:0 a.m.56 views

SAP UI5 HTTP Handler CVE-2019-0388 Unspecified Content Spoofing Vulnerability

Description SAP UI5 HTTP Handler is prone to an unspecified content-spoofing vulnerability. Attackers can exploit this issue to manipulate and spoof content, which may aid in further attacks. Technologies Affected SAP SAPUI5 SAP UI 7.5 SAP UI 7.51 SAP UI 7.52 SAP UI 7.53 SAP UI 7.54 Recommendatio...

5.6AI score0.00727EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2019/07/10 7:15 p.m.19 views

CVE-2019-0281

SAPUI5 and OpenUI5, before versions 1.38.39, 1.44.39, 1.52.25, 1.60.6 and 1.63.0, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

6.1CVSS6AI score0.01325EPSS
Exploits0References3
OSV
OSV
added 2019/07/10 7:15 p.m.14 views

CVE-2019-0281

SAPUI5 and OpenUI5, before versions 1.38.39, 1.44.39, 1.52.25, 1.60.6 and 1.63.0, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

6.1CVSS6AI score
Exploits0References3
Prion
Prion
added 2019/07/10 7:15 p.m.22 views

Cross site scripting

SAPUI5 and OpenUI5, before versions 1.38.39, 1.44.39, 1.52.25, 1.60.6 and 1.63.0, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

4.3CVSS5.9AI score0.01325EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2019/07/10 6:46 p.m.138 views

CVE-2019-0281

SAPUI5 and OpenUI5 are affected prior to versions 1.38.39, 1.44.39, 1.52.25, 1.60.6 and 1.63.0, where user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability. The root cause is insufficient input encoding. Connected documents confirm the issue ...

6.1CVSS5.9AI score0.01325EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2019/07/10 6:46 p.m.19 views

CVE-2019-0281

SAPUI5 and OpenUI5, before versions 1.38.39, 1.44.39, 1.52.25, 1.60.6 and 1.63.0, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

6AI score0.01325EPSS
Exploits0References3
CNVD
CNVD
added 2018/05/29 12:0 a.m.1 views

Unspecified Cross-Site Scripting Vulnerability in SAP SAPUI5

SAP SAPUI5 is a UI technology that provides everything you need to build enterprise-class Web applications. SAP SAPUI5 suffers from an unspecified cross-site scripting vulnerability that stems from the program not properly validating user-supplied input. A remote attacker could use this...

6.8AI score
Exploits0References1
Rows per page
Query Builder